Privileges available to a user are included in their user ID definition. CA SOLVE:FTS provides the required definition panels for use in the Userid Access Maintenance System (UAMS) and support for the relevant structured fields if a full security exit is installed to replace the UAMS component.
The allocation of privileges to users is likely to be determined by the manner in which CA SOLVE:FTS is used in your installation, and the implications of allocation of the various privileges are reviewed here.
System privileges let authorized users define, request, and control the transmissions of production files, and to have overall control of the system.
Consider the following points when deciding to whom you want to authorize private privilege:
Therefore, a user who is assigned system definition privilege should not also be assigned system request privilege. This prevents one individual user from being able to define the requirement for access to sensitive data sets and to cause CA SOLVE:FTS to carry out that access.
Note: Additional security is available by restricting such users to specific terminals.
System request privilege is usually restricted to Operations.
Note: Additional security is available by restricting such users to specific terminals.
System control privilege is usually restricted to Operations and systems programmers responsible for support.
Private privilege lets authorized users move files from one location to another.
Consider the following when deciding to whom you want to authorize private privilege:
You can allocate the Private Definition privilege to many users to let them set up their own transmission definitions on the VSAM database. You should enforce naming conventions and limit the number of definitions that any one user may set up. You can impose these limitations by doing one of the following:
You can assign the Private Request privilege to many users to let them schedule for transmission, at any time, any private definition that they may access (as dictated by their private access mask).
If private users are allowed to use any available transmission class, this may allow private transmissions to preempt, or run at a higher priority than, system transmissions. Restriction of private transmission requests to installation specified classes provides control over the number of initiators that are available for servicing private transmissions. This control in turn can be used to limit the number of private transmissions that may be in progress to a particular destination at one time, and allows all private activity to be suspended at peak system transmission times. The access authorization exit can be written to enforce classes for private users or you can assign the Private Request privilege to Operations, who can then attend to the requirements of the remaining users.
You can let all users monitor, interrupt, and restart their own private requests. In this scenario, users must also look after their own transmissions, thereby removing the need for operations supervision of private requests. Alternatively, you can let Operations supervise private transmissions.